
Commit bd4f468

authored
Merge pull request #5186 from cpuguy83/fix_docker_cert_loading
Fix docker style cert loading.
2 parents 5461fa3 + 1fd99e2 commit bd4f468

2 files changed

Lines changed: 118 additions & 4 deletions


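--- a/remotes/docker/config/hosts.go
+++ b/remotes/docker/config/hosts.go
@@ -82,7 +82,6 @@ func ConfigureHosts(ctx context.Context, options HostOptions) docker.RegistryHos
 return nil, err
 }
 }
-
 }
 
 // If hosts was not set, add a default host
@@ -490,7 +489,7 @@ func loadCertFiles(ctx context.Context, certsDir string) ([]hostConfig, error) {
 }
 hosts := make([]hostConfig, 1)
 for _, f := range fs {
-if !f.IsDir() {
+if f.IsDir() {
 continue
 }
 if strings.HasSuffix(f.Name(), ".crt") {
@@ -501,9 +500,9 @@ func loadCertFiles(ctx context.Context, certsDir string) ([]hostConfig, error) {
 certFile := f.Name()
 pair[0] = filepath.Join(certsDir, certFile)
 // Check if key also exists
-keyFile := certFile[:len(certFile)-5] + ".key"
+keyFile := filepath.Join(certsDir, certFile[:len(certFile)-5]+".key")
 if _, err := os.Stat(keyFile); err == nil {
-pair[1] = filepath.Join(certsDir, keyFile)
+pair[1] = keyFile
 } else if !os.IsNotExist(err) {
 return nil, err
 }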
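Review bot: In the third hunk, `certFile[:len(certFile)-5]+".key"` relies on a suffix check that sits outside the visible lines (the tests use `client.cert`, so presumably `.cert`), and the bare `5` silently goes wrong if that check ever changes. `keyFile := filepath.Join(certsDir, strings.TrimSuffix(certFile, ".cert")+".key")` states the intent and uses a package the function already calls. Separately, when `os.Stat` reports that the key is missing, `pair[1]` stays empty; what happens to the pair afterwards is outside the hunk, so it is worth confirming that a certificate without a key is not handed to the TLS client configuration silently. loadCertFiles begins and ends outside these hunks.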

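--- a/remotes/docker/config/hosts_test.go
+++ b/remotes/docker/config/hosts_test.go
@@ -20,7 +20,9 @@ import (
 "bytes"
 "context"
 "fmt"
+"io/ioutil"
 "net/http"
+"os"
 "path/filepath"
 "testing"
 
@@ -190,6 +192,87 @@ ca = "/etc/path/default"
 }
 }
 
+func TestLoadCertFiles(t *testing.T) {
+dir, err := ioutil.TempDir("", t.Name())
+if err != nil {
+t.Fatal(err)
+}
+defer os.RemoveAll(dir)
+
+type testCase struct {
+input hostConfig
+}
+cases := map[string]testCase{
+"crt only": {
+input: hostConfig{host: "testing.io", caCerts: []string{filepath.Join(dir, "testing.io", "ca.crt")}},
+},
+"crt and cert pair": {
+input: hostConfig{
+host: "testing.io",
+caCerts: []string{filepath.Join(dir, "testing.io", "ca.crt")},
+clientPairs: [][2]string{
+{
+filepath.Join(dir, "testing.io", "client.cert"),
+filepath.Join(dir, "testing.io", "client.key"),
+},
+},
+},
+},
+"cert pair only": {
+input: hostConfig{
+host: "testing.io",
+clientPairs: [][2]string{
+{
+filepath.Join(dir, "testing.io", "client.cert"),
+filepath.Join(dir, "testing.io", "client.key"),
+},
+},
+},
+},
+}
+
+for name, tc := range cases {
+t.Run(name, func(t *testing.T) {
+
+hostDir := filepath.Join(dir, tc.input.host)
+if err := os.MkdirAll(hostDir, 0700); err != nil {
+t.Fatal(err)
+}
+defer os.RemoveAll(hostDir)
+
+for _, f := range tc.input.caCerts {
+if err := ioutil.WriteFile(f, testKey, 0600); err != nil {
+t.Fatal(err)
+}
+}
+
+for _, pair := range tc.input.clientPairs {
+if err := ioutil.WriteFile(pair[0], testKey, 0600); err != nil {
+t.Fatal(err)
+}
+if err := ioutil.WriteFile(pair[1], testKey, 0600); err != nil {
+t.Fatal(err)
+}
+}
+
+configs, err := loadHostDir(context.Background(), hostDir)
+if err != nil {
+t.Fatal(err)
+}
+if len(configs) != 1 {
+t.Fatalf("\nexpected:\n%+v\ngot:\n%+v", tc.input, configs)
+}
+
+cfg := configs[0]
+cfg.host = tc.input.host
+
+if !compareHostConfig(cfg, tc.input) {
+t.Errorf("\nexpected:\n%+v:\n\ngot:\n%+v", tc.input, cfg)
+}
+})
+}
+}
+
 func compareRegistryHost(j, k docker.RegistryHost) bool {
 if j.Scheme != k.Scheme {
 return false
@@ -283,3 +366,35 @@ func printHostConfig(hc []hostConfig) string {
 }
 return b.String()
 }
+
+var (
+testKey = []byte(`-----BEGIN PRIVATE KEY-----
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDa+zvPgFXwra4S
+0DzEWRgZHxVTDG1sJsnN/jOaHCNpRyABGVW5kdei9WFWv3dpiELI+guQMjdUL++w
+M68bs6cXKW+1nW6u5uWuGwklOwkoKoeHkkn/vHef7ybk+5qdk6AYY0DKQsrBBOvj
+f0WAnG+1xi8VIOEBmce0/47MexOiuILVkjokgdmDCOc8ShkT6/EJTCsI1wDew/4G
+9IiRzw2xSM0ZATAtEC3HEBRLJGWZQtuKlLCuzJ+erOWUcg2cjnSgR3PmaAXE//5g
+SoeqEbtTo1satf9AR4VvreIAI8m0eyo8ABMLTkZovEFcUUHetL63hdqItjCeRfrQ
+zK4LMRFbAgMBAAECggEBAJtP6UHo0gtcA8SQMSlJz4+xvhwjClDUyfjyPIMnRe5b
+ZdWhtG1jhT+tLhaqwfT1kfidcCobk6aAQU4FukK5jt8cooB7Yo9mcKylvDzNvFbi
+ozGCjj113JpwsnNiCG2O0NO7Qa6y5L810GCQWik3yvtvzuD7atsJyN0VDKD3Ahw7
+1X8z76grZFlhVMCTAA3vAJ2y2p3sd+TGC/PIhnsvChwxEorGCnMj93mBaUI7zZRY
+EZhlk4ZvC9sUvlVUuYC+wAHjasgN9s3AzsOBSx+Xt3NaXQHzhL0mVo/vu/pjjFBs
+WBLR1PBoIfveTJPOp+Hrr4cuCK0NuX9sWlWPYLl5A2ECgYEA5fq3n4PhbJ2BuTS5
+AVgOmjRpk1eogb6aSY+cx7Mr++ADF9EYXc5tgKoUsDeeiiyK2lv6IKavoTWT1kdd
+shiclyEzp2CxG5GtbC/g2XHiBLepgo1fjfev3btCmIeGVBjglOx4F3gEsRygrAID
+zcz94m2I+uqLT8hvWnccIqScglkCgYEA88H2ji4Nvx6TmqCLcER0vNDVoxxDfgGb
+iohvenD2jmmdTnezTddsgECAI8L0BPNS/0vBCduTjs5BqhKbIfQvuK5CANMUcxuQ
+twWH8kPvTYJVgsmWP6sSXSz3PohWC5EA9xACExGtyN6d7sLUCV0SBhjlcgMvGuDM
+lP6NjyyWctMCgYBKdfGr+QQsqZaNw48+6ybXMK8aIKCTWYYU2SW21sEf7PizZmTQ
+Qnzb0rWeFHQFYsSWTH9gwPdOZ8107GheuG9C02IpCDpvpawTwjC31pKKWnjMpz9P
+9OkBDpdSUVbhtahJL4L2fkpumck/x+s5X+y3uiVGsFfovgmnrbbzVH7ECQKBgQCC
+MYs7DaYR+obkA/P2FtozL2esIyB5YOpu58iDIWrPTeHTU2PVo8Y0Cj9m2m3zZvNh
+oFiOp1T85XV1HVL2o7IJdimSvyshAAwfdTjTUS2zvHVn0bwKbZj1Y1r7b15l9yEI
+1OgGv16O9zhrmmweRDOoRgvnBYRXWtJqkjuRyULiOQKBgQC/lSYigV32Eb8Eg1pv
+7OcPWv4qV4880lRE0MXuQ4VFa4+pqvdziYFYQD4jDYJ4IX9l//bsobL0j7z0P0Gk
+wDFti9bRwRoO1ntqoA8n2pDLlLRGl0dyjB6fHzp27oqtyf1HRlHiow7Gqx5b5JOk
+tycYKwA3DuaSyqPe6MthLneq8w==
+-----END PRIVATE KEY-----
+`)
+)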
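Review bot: The three cases in `TestLoadCertFiles` all exercise the happy path, so neither branch touched by this fix is pinned on its failure side: no case puts a subdirectory inside `hostDir` (the corrected `f.IsDir()` skip) and none writes a `.cert` without its `.key` (the `os.IsNotExist` branch). Adding those two cases would need the write loop to skip an empty `pair[1]`. Also, `testKey` embeds a complete PEM private key, and the visible test only writes it to disk and compares paths; if the loader never parses file contents (not visible here), a short placeholder such as `[]byte("test")` would avoid secret-scanner findings and key material in the tree.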
